• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 with Cisco 1801W Router

Started by bardack, January 28, 2011, 04:52:19 AM

Previous topic - Next topic

bardack

Hi all,

I am trying to get the IPv6 tunnel working but I am facing problems ...

I have a Cisco router 1801W, with the following commands entered:


configure terminal
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 enable
ipv6 address 2001:470:1f14:131a::2/64
tunnel source Dialer0
tunnel destination 216.66.84.46
tunnel mode ipv6ip
ipv6 route ::/0 Tunnel0
end


Those commands are coming from tunnelbroker.net, I just replaced my IPv4 address with Dialer0.
I have a Win7 station connected via WiFi to the Internet, with the 1801W Router.

As asked on the tunnelbroker.net website, I clicked on the link to check if I'am IPv6, but always receive a message saying that I'm not.

What do I miss?

Thanks for your help.


broquea

did you add: ipv6 unicast-routing ?

bardack

Hi,

well yes.
My IPv6 is pingable from outside, this mean that the Tunnel is correctly working, but on my Cisco router.
My client (laptop) is not working as IPv6 ...
I probably miss something important ... but what ...

cconn

show the rest of the config.  how are you assigning the IPv6 on your LAN?  is the ipv6 enable on the LAN as well??

bardack

To be honest I am planning to learn IPv6 from http://ipv6.he.net/certification/
The step I have to do is just: create the tunnel ... which is not very detailed if you plan to learn :)

Following, my 1801W configuration:

Current configuration : 6183 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1801W-GARAGE
!
boot-start-marker
boot-end-marker
!
enable secret 5 *********
enable password 7 *********
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2884345684
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2884345684
revocation-check none
rsakeypair TP-self-signed-2884345684
!
!
crypto pki certificate chain TP-self-signed-2884345684
certificate self-signed 01
     *********
        quit
!
dot11 ssid HOME_FLO
   authentication open
   authentication key-management wpa
   guest-mode
   infrastructure-ssid
   wpa-psk ascii 7 *********
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.1 192.168.5.199
ip dhcp excluded-address 192.168.5.254
!
ip dhcp pool LOCAL
   import all
   network 192.168.5.0 255.255.255.0
   domain-name Flo-Lan
   default-router 192.168.5.254
   dns-server 192.168.5.254
!
!
ip domain name bardack.be
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ddns update method DynDNS
HTTP
  add http://*********@members.dyndns.org/nic/update?system=dyndns&hostname=*********&myip=
interval maximum 0 6 0 0
interval minimum 0 6 0 0
!
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
!
username bardack privilege 15 secret 5 *********
!
!
archive
log config
  hidekeys
!
!
ip ssh version 2
bridge irb
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F14:131A::2/64
ipv6 enable
tunnel source Dialer0
tunnel destination 216.66.84.46
tunnel mode ipv6ip
!
interface FastEthernet0
no ip address
ip virtual-reassembly
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
shutdown
speed 100
!
interface FastEthernet2
shutdown
duplex full
speed 100
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface Dot11Radio0
no ip address
ip virtual-reassembly
!
encryption mode ciphers tkip
!
ssid HOME_FLO
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
  pppoe-client dial-pool-number 1
!
!
interface Vlan1
no ip address
shutdown
!
interface Dialer0
ip ddns update hostname *********
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname *********
ppp chap password 7 *********
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp address accept
!
interface BVI1
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router ospf 1
log-adjacency-changes
network 192.168.5.0 0.0.0.255 area 0.0.3.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip dns server
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static udp 192.168.5.108 9 interface Dialer0 9
ip nat inside source static tcp 192.168.5.108 9000 interface Dialer0 9000
ip nat inside source static tcp 192.168.5.108 3483 interface Dialer0 3483
ip nat inside source static udp 192.168.5.108 3483 interface Dialer0 3483
ip nat inside source static tcp 192.168.5.108 22 interface Dialer0 22
ip nat inside source static tcp 192.168.5.108 80 interface Dialer0 80
!
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
arp 192.168.5.108 001d.60d4.54ae ARPA
!
!
ipv6 route ::/0 Tunnel0
!
!
!
!
control-plane
!
bridge 1 route ip
banner motd ^C
*******************************************
DO NOT LOG ON
*******************************************
^C
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login local
transport input ssh
!
end

What I apparently miss is the IPv4 + v6 stacks working together ...

At the moment I do have DHCP server enabled on my router, but providing IPv4 ...
This thus make sense that I am not able to access IPv6 sites using my laptop since it has an IPv4 address ...

I do not understand ...

bardack

I do not plan to have DHCP under IPv6.
I do have a Linux server which has a static IPv4: 192.168.5.108.

The idea is to have that one with an IPv6.

I also have a laptop running Win7 (WIFI + DHCP IPv4). It would be great to have IPv6 on it also.

If somebody can give me some pists, it would be great.

Thanks in advance;

cconn

hello,

so quickly looking at your config, you are using wireless?  in any case, your BVI1 interface does not have a IPv6 address, therefore it is not doing anything for your client.

change this to;

interface BVI1
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ipv6 enable
ipv6 address 2001:4709:xxxx::1/64
!

I don't know what IPv6 address space was assigned to you by HE, but you need to add an IPv6 address to that interface in order for your 1801 to start sending RAs and basically enable you to have IPv6 forwarded accross those interfaces.


bardack

http://dinco.bardack.be/uploads/detailsIPv6.JPG
Then if I follow you correctly, I must provide the 2001:470:1f15:131a:: IPv6 address in the BVI1 interface?

To answer, yes I am using Wireless.

Anyway thanks for your time.

bardack

I cannot do that :(

1801W-GARAGE(config-if)#ipv6 address 2001:470:1f14:131a::2/64
%BVI1: Error: 2001:470:1F14:131A::/64 is overlapping with 2001:470:1F14:131A::/64 on Tunnel0
1801W-GARAGE(config-if)#ipv6 address 2001:470:1f14:131a::1/64
%BVI1: Error: 2001:470:1F14:131A::/64 is overlapping with 2001:470:1F14:131A::/64 on Tunnel0

broquea

you shouldn't be trying to use 1f14 space, use 1f15 like we provide details for as your routed subnet.

in fact, just do this:

conf t
int bvi1
ipv6 add 2001:470:1f15:131a::1/64
end

bardack

OK I start to understand :)

I configured my router with ipv6 add 2001:470:1f15:131a::1/64   for my BVI1 interface.

I configured my server with:
iface eth0 inet6 static
        address 2001:470:1f15:131a::2
        netmask 64
        gateway 2001:470:1f15:131a::1

From outside, I am able to ping:
- 2001:470:1f14:131a::2/64  (1801W - client tunnel ipv6)
- 2001:470:1f15:131a::1       (1801W - local address)

But I am not able to ping: 2001:470:1f15:131a::2

From my server, I am not able to ping 2001:470:1f15:131a::1 . But I am able to ping myself: 2001:470:1f15:131a::2.

Almost done :-) but still one detail apparently.

Thx for your help;

cconn

you put "ipv6 enable" on the bvi interface?  thats strange, you should at least be able to ping the 2001:470:1f15:131a::1 if you truly have 2001:470:1f15:131a::2 as an IP on your server.

if you put a IPv4 address on this server, can you ping the IPv4 IP of the BVI1?

cconn

I can ping your BVI1 IP from my workstation, so you either have a cabling or other issue;

C:\Users\cconn>ping 2001:470:1f15:131a::1

Pinging 2001:470:1f15:131a::1 with 32 bytes of data:
Reply from 2001:470:1f15:131a::1: time=137ms
Reply from 2001:470:1f15:131a::1: time=123ms
Reply from 2001:470:1f15:131a::1: time=124ms
Reply from 2001:470:1f15:131a::1: time=125ms

bardack

From my server:

bardack@dinco:~$ ping6 2001:470:1f15:131a::2
PING 2001:470:1f15:131a::2(2001:470:1f15:131a::2) 56 data bytes
64 bytes from 2001:470:1f15:131a::2: icmp_seq=1 ttl=64 time=0.016 ms
^C
--- 2001:470:1f15:131a::2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.016/0.016/0.016/0.000 ms
bardack@dinco:~$ ping6 2001:470:1f15:131a::1
PING 2001:470:1f15:131a::1(2001:470:1f15:131a::1) 56 data bytes
^C
--- 2001:470:1f15:131a::1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

bardack@dinco:~$ ping 192.168.5.254
PING 192.168.5.254 (192.168.5.254) 56(84) bytes of data.
64 bytes from 192.168.5.254: icmp_seq=1 ttl=255 time=0.711 ms
^C
--- 192.168.5.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.711/0.711/0.711/0.000 ms


I am able to ping myself: 2001:470:1f15:131a::2
I am not able to ping the router: 2001:470:1f15:131a::1
I am able to ping the router: 192.168.5.254

There is nothing wrong from my point of view, except that ipv6 does not work ...

bardack

More details:

My laptop (on WIN7, using Wifi) has now the IPv6: 2001:470:1f15:131a::3

from the laptop:
- ping 2001:470:1f15:131a::2          -> WORKS   - This is the server
- ping 2001:470:1f15:131a::1          -> FAIL        - Cisco Router

From the server:
- ping 2001:470:1f15:131a::3           -> WORKS  - This is the laptop
- ping 2001:470:1f15:131a::1           -> FAIL       - This is the Router


There is a real problem when trying to connect the router ... But on IPv4 it works correctly.
Can it be related to my Cisco switch?

From my point of view not, because laptop -> router does not pass the switch (wifi, directly to router).

If somebody has an idea, it is almost done :)

Thx :)